implement rndc healthcheck
As discussed in the "BIND triage cribsheet for on-call Support" session from our All Hands meeting.
The basic premise was a way to have named describe, from the perspective of its running configuration, what should be visible from a specific network location.
This should help operators recognize when named is running an incorrect configuration and also provide them with specific things that can be probed when an external-to-BIND issue is suspected.
From the meeting notes:
- rndc healthcheck - is named doing what you think it should be doing per its configuration?
  - rndc healthcheck <address> (so that it can check what it's possible to do from ...)
    - Access to these zones (loaded from these files...)
    - ACLs that this address is in (or not in)
    - Views - and access to ...
    - Is recursion allowed?
    - Do some dig commands based on the above ...
  - rndc healthcheck
- rndc status - could it list the ports and interfaces that it is currently listening on - and what it was configured on when started
  - Could it check what the backlog is in the UDP and TCP socket buffers for those listen sockets?
- ls -l on the named binary (when was it last updated) and ls -l named.conf (when was it last updated?)
  - this could be part of 'rndc healthcheck'
See the wiki for the agenda for a link to the meeting notepad.
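One way to sketch the per-address report the notes ask for (which view the client lands in, which ACLs it matches, whether recursion is allowed, which zones it can reach), as an added Python example that is not BIND's code and not an existing rndc subcommand. The ACLs, views and zone file paths are a constructed toy configuration, and BIND's first-match ACL rule is modelled for prefixes and plain nested references only.

```python
import ipaddress

# Constructed toy model of a running named configuration, not a named.conf
# parser and not BIND's own code. ACLs are ordered address match lists with
# BIND's first-match rule: a leading "!" negates a prefix, so a hit on
# "!10.0.99.0/24" is a deny. Negated nested-ACL references are not modelled.
ACLS = {
    "any": ["0.0.0.0/0", "::/0"],
    "none": [],
    "internal": ["10.0.0.0/8", "192.168.0.0/16"],
    "trusted": ["!10.0.99.0/24", "internal"],  # guest subnet carved out
}

# Views are tried in definition order; the first accepting match-clients wins.
VIEWS = [
    {"name": "internal", "match-clients": ["trusted"],
     "allow-recursion": ["trusted"],
     "zones": {"corp.example": "/var/named/db.corp"}},
    {"name": "external", "match-clients": ["any"],
     "allow-recursion": ["none"],
     "zones": {"example.com": "/var/named/db.example"}},
]


def acl_match(addr, elements):
    """True = allowed, False = negated element hit (denied), None = no match."""
    for element in elements:
        if element in ACLS:  # nested ACL: its own verdict propagates
            verdict = acl_match(addr, ACLS[element])
            if verdict is not None:
                return verdict
            continue
        negate = element.startswith("!")
        if addr in ipaddress.ip_network(element.lstrip("!"), strict=False):
            return not negate
    return None


def healthcheck(client):
    """Report what named would do with queries arriving from `client`."""
    addr = ipaddress.ip_address(client)
    view = next((v for v in VIEWS if acl_match(addr, v["match-clients"])), None)
    if view is None:
        return {"view": None, "acls": [], "recursion": False, "zones": {}}
    return {
        "view": view["name"],
        "acls": sorted(n for n, el in ACLS.items() if acl_match(addr, el)),
        "recursion": bool(acl_match(addr, view["allow-recursion"])),
        "zones": dict(view["zones"]),  # candidates for a follow-up dig
    }
```

Calling healthcheck("10.0.99.7") shows the carve-out at work: the address is inside "internal" but denied by "trusted", so it falls through to the external view with recursion refused.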